Upload
armmbed
View
28
Download
1
Embed Size (px)
Citation preview
Confidential © ARM 2016
Proportional security to meet the business needs of IoT
mbed Connect Asia / Shenzhen, ChinaDec 5, 2016
Nick Zhou / Senior Field Application Engineer / ARM
Confidential © ARM 2016 2
Invest in IoT security according to business needs
Protection/authenticat
ion of transmitte
d informatio
n
Protection of device
from software
vulnerabilities
Protection from
physical interventi
onDeployment integrity
requirements
Local asset value
requirements
Communication trust/privacy requirements
Confidential © ARM 2016 3
Diversity
Confidential © ARM 2016 4
End node device and deployment conditions
Connected to a network
May have a long lifetime
May be physically inaccessible for manual updates Must be able to be managed remotely
May be physically accessible to third parties Must protect against physical access
Deployed in enormous numbers Represents a significant investment to protect/maintain
Confidential © ARM 2016 5
Learn from internet security best practices Internet security evolving for decades
Leverage this heritage for IoT end nodes
Low cost, long battery life nodes are capable Think about agility post deployment – security is not a fixed thing
Security is about the weakest link Look for flaws in protocol and security architecture Avoid deployment mistakes and mismanagement
Learning applicable to both IP and non-IP IoT communication Find ways to work with existing deployments/technology Drive the future direction of relevant standards
Confidential © ARM 2016 6
IoT use cases
Bluetooth headset linked to cloud service via Smartphone
App
Building Automation System OEM covers many client
buildings using a diverse set of device types with live
connectivity to a cloud service
Confidential © ARM 2016 7
A few security technology choices
Protection/authentication of transmitted information Use standard BLE relationship between
Smartphone and headset to pair devices and setup link security
Protection of device from software vulnerabilities Device is not directly addressable on
the internet Direct attack unlikely if paired device
runs trusted SW Protection from (local) physical intervention
Limited local threats Limited device asset value
Treat network as untrusted and use
DTLS to establish secure connections based on certified device identities
Strong security to establish/authenticate DTLS sessions (ECC) limits device access
Additional device partitioning can vastly reduce local SW attack surface
Device identity and (device unique)
service keys must be protected Need security in supply chain to
prevent installation of cloned devices
Confidential © ARM 2016 8
Security profiles
Lab attacks• Local attack on an end node device
Network attacks• Remote attacks across the network• May scale to many devices; accounts; services
Minimum cost/effort to attack
Per-device HW cost/effort to secure
Where possible devices should not store valuable secrets
Local attacks must not enable network attacks on other devices
Some applications require tamper resistant devices
ARM SecurCore and related technology
Confidential © ARM 2016 9
Proportional security Threat-models should be informed by business requirements
Technology applied and cost expended varies according to application needs
For example Risk environment of application Value of assets to be protected Trust and control over firmware Supply chain structure Lifetime of the device
Application SecurityShort life node mbed TLS + ConnectLong life node + uVisor + Provision
+ Update
High value asset protection
+ Anti-tamper hardware (ARM SecurCore)
Confidential © ARM 2016 10
Ultra-constrained Constrained Mainstream IOT
BBC micro:bitBT Smart beacon
Rich BT SmartThread node
Low BW WiFi nodeBorder router
BT Smart
Device SW capabilities
IP + TLSuVisor
Lifecycle Security
IP + TLSuVisor
Lifecycle SecurityFirmware over-the-
air
Architecture
Acceleration
ARMv6-M
ARMv8-M Baseline
TRNG + Crypto TRNG + Crypto
Device HW resources
ARMv8-M Mainline or ARMv7-M with MPU
Unconstrained
High BW WiFi nodeGateway
A-ClassTRNG + Crypto +
GPU + VPU
IP + TLSOP-TEE
Lifecycle SecurityFirmware over-the-
airRich UI/Multimedia
mbed OS A-Class + mbed Client
Confidential © ARM 2016 11
mbed security architectureCloud application
platforms
Lifecyclesecurity
Communicationsecurity
Devicesecurity
mbed TLS Connectivity Client
Provisioning Client
Update Client
Connectivity
Service
Provisioning
ServiceUpdateService
Device Hardware
mbed uVisor
mbed TLS
Prov TLCrypto TL Update TLConn TL
Deployment ManagementData Flow Management
mbed Cloud Service
mbed OS
Confidential © ARM 2016 12
Call to action: Better security value proposition Avoid selling via FUD
Generally unquantifiable: What is value of security investment? What is the ROI?
Enable reasoning: What security is for, the value it brings Understand threats to business and what key assets are? Measure complete deployment lifecycle value not just BOM cost
Do not treat Security Technology as a “One Size Fits All” Deploy technology according to business needs Proportional security response according to defined threats/value Factor in agility to cope with evolving security context
Deliver scalable security choices for IoT driven by clear need/value
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.Copyright © 2016 ARM Limited
Confidential © ARM 2016